CN109672538B - Lightweight vehicle-mounted bus secure communication method and system - Google Patents


Info

Publication number: CN109672538B
Authority: CN (China)
Prior art keywords: data, counter, accumulated number, hash value, authentication
Legal status: Active
Application number: CN201910112618.XA
Other languages: Chinese (zh)
Other versions: CN109672538A (en)
Inventors: 罗燕京, 刘鹏
Current Assignee: Beijing Xinchangcheng Technology Development Co ltd
Original Assignee: Beijing Renxinzheng Technology Co ltd
Application filed by: Beijing Renxinzheng Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN
    • H04L2012/40267 Bus for use in transportation systems
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Abstract

The invention relates to a secure communication method and a secure communication system for a lightweight vehicle-mounted bus. The secure communication method comprises the following steps: the first control end generates a first session key from the message data code, the first counter accumulated number and a pre-stored key matrix, calculates first ciphertext data from the first session key and the data field, combines the data field, the first counter accumulated number and the first ciphertext data into a data frame, and sends the data frame to the second control end; the second control end computes the difference between the first counter accumulated number and a pre-stored second counter accumulated number and, if the difference is within a preset range, assigns the first counter accumulated number to the second counter accumulated number, generates a second session key from the message data code, the second counter accumulated number and the pre-stored key matrix, calculates second ciphertext data from the second session key and the data field, and compares it with the first ciphertext data; if the two are the same, the data frame is decrypted. The method and the system can effectively verify the integrity of the data and prevent forgery attacks.

Description

Lightweight vehicle-mounted bus secure communication method and system
Technical Field
The invention relates to the field of CAN bus communication, and in particular to a secure communication method and a secure communication system for a lightweight vehicle-mounted bus.
Background
A vehicle networking system consists of the vehicle, a TBOX terminal installed on the vehicle, a TSP service platform, and a mobile phone app or PC web client on the user side. Through the interface of the mobile phone app or web client the user can control the vehicle, for example by issuing commands to lock the vehicle, switch the air conditioner on and off, or open and close the doors and windows, and can view vehicle information, check vehicle status, diagnose faults and so on. Specifically, the user sends an instruction from the mobile phone app or web client over the network to the TSP platform, which forwards it to the TBOX terminal; the TBOX terminal then issues the command to the vehicle over the vehicle's CAN bus to control it. In the other direction, the TBOX terminal collects the vehicle state through the CAN (Controller Area Network) bus, a positioning module, an inertial measurement sensor module and the like, and sends it over a wireless communication network to the TSP platform, which forwards it to the mobile phone app or web client, where the user can check the state or diagnose faults.
Vehicle-mounted ECUs (Electronic Control Units) are connected by a bus. ECUs communicate by broadcasting data packets to all components on the bus, and each component decides whether to accept a packet. This effectively solves the problem of wiring harnesses growing with the number of ECUs, but it also introduces serious security risks for the vehicle-mounted information system, and the security of the CAN network is the most prominent of them. The CAN network links the core ECUs of the vehicle-mounted information system, and its transmission protocol shows that a CAN packet carries neither a destination address nor a source address, which means that any ECU can access the core ECUs on the CAN bus network, such as those of the engine and the steering gear. Therefore, once an attacker obtains execution privileges on the CAN network, the attacker can send forged data packets to an ECU to modify its behavior and thereby take complete control of the vehicle. It follows that the security of the vehicle-mounted ECUs directly determines the security of the whole vehicle-mounted information system: if the vehicle-mounted ECUs are not secure, the vehicle-mounted information system is not secure. However, because data on the existing CAN bus is transmitted in plaintext and there is no identity authentication mechanism for vehicle-mounted ECUs, the CAN bus is an easy target for attackers. For a long time almost the entire automotive industry has shared the view that the CAN bus is unprotected. There are two reasons: first, the computing power of the ECUs is insufficient; second, the CAN bus protocol has limited bandwidth. One standard CAN data frame can carry only 8 bytes of data, whereas the AES encryption algorithm operates only on 16-byte data blocks.
Trillium, a Japanese company, introduced the SecureCAN security hardware product in 2015, which uses the Diffie-Hellman key exchange algorithm to generate keys. However, because of the performance of the algorithm and because the hardware module requires hardware changes by all ECU manufacturers, among other reasons, the scheme has not been implemented to date.
The prior art therefore has the following disadvantages: first, the speed of the algorithm cannot meet the hard real-time requirements of a CAN bus; second, adding a low-level hardware module increases cost and makes hardware revision more difficult for ECU manufacturers.
A secure communication method and a secure communication system for a lightweight vehicle-mounted bus are therefore provided.
Disclosure of Invention
In view of the above problems, the present invention provides a lightweight vehicle-mounted bus secure communication method and secure communication system that overcome or at least partially solve them. Based on a CPK (Combined Public Key) key production and management system and a key matrix, the invention implements identity authentication between ECU nodes, negotiates a session key and synchronizes an initial counter. This addresses the security risks of plaintext data transmission on the current CAN bus and of missing authentication between ECU nodes, and improves CAN network data security without affecting the real-time performance of data on the CAN bus.
According to one aspect of the invention, a lightweight vehicular bus secure communication method is provided, which comprises the following steps:
the first control end receives the message data, parses the message data code from the message data, and judges from the message data code whether the message data needs to be encrypted for transmission;
if so, the first control end calculates the first counter accumulated number according to the message data code, generates a first session key from the message data code, the first counter accumulated number and a pre-stored key matrix, calculates first ciphertext data from the first session key and the data field through an encryption algorithm, combines the data field, the first counter accumulated number and the first ciphertext data into a data frame, and sends the data frame to the second control end;
the second control end receives the data frame, the message data code and the first counter accumulated number, and computes the difference between the first counter accumulated number and a pre-stored second counter accumulated number; if the difference is within a preset range, it assigns the first counter accumulated number to the second counter accumulated number, generates a second session key from the message data code, the second counter accumulated number and the pre-stored key matrix, calculates second ciphertext data from the second session key and the data field through the encryption algorithm, and compares it with the first ciphertext data; if the two are the same, it decrypts the data frame to parse the message data into a message.
Further, the first control end and the second control end are both ECU nodes.
Further, the first session key is generated from the message data code, the first counter accumulated number and the pre-stored key matrix through a mapping algorithm;
and the second session key is generated from the message data code, the second counter accumulated number and the pre-stored key matrix through the mapping algorithm.
Further, the first ciphertext data is calculated through the encryption algorithm, from the first session key and the data field, by means of an HMAC algorithm;
and the second ciphertext data is calculated through the encryption algorithm, from the second session key and the data field, by means of the HMAC algorithm.
Further, in the above method for secure communication of a lightweight vehicle-mounted bus, after the first control end receives the message data, the method further includes: the first control terminal authenticates the second control terminal.
Further, the first control terminal authenticates the second control terminal specifically as follows:
the first control end generates a first random number and a first counter accumulated number, calculates a first authentication key from the first counter accumulated number and the authentication message code, calculates a first hash value from the first random number and the first authentication key, and extracts a first result hash value from the first hash value; the first random number, the first counter accumulated number and the first result hash value form 8 bytes of authentication instruction data, which are sent to the second control end;
the second control end receives the 8 bytes of authentication instruction data, parses from them a second random number, a second counter accumulated number and a second result hash value, calculates a second authentication key from the second counter accumulated number and the authentication message code, calculates a second hash value from the second random number and the second authentication key, extracts a third result hash value from the second hash value and compares it with the parsed second result hash value; if the two are the same, the verification is passed;
the second control end generates a third random number and a third counter accumulated number, calculates a third authentication key from the third counter accumulated number and the authentication message code, calculates a third hash value from the third random number and the third authentication key, and extracts a fourth result hash value from the third hash value; the third random number, the third counter accumulated number and the fourth result hash value form 8 bytes of authentication response instruction data, which are sent to the first control end;
the first control end receives the 8 bytes of authentication response instruction data, parses from them a fourth random number, a fourth counter accumulated number and a fifth result hash value, calculates a fourth authentication key from the fourth counter accumulated number and the authentication message code, calculates a fourth hash value from the fourth random number and the fourth authentication key, extracts a sixth result hash value from the fourth hash value and compares it with the parsed fifth result hash value; if the two are the same, the authentication is completed.
Further, the secure communication method for the lightweight vehicle-mounted bus further comprises the following steps: the key matrix is updated.
According to another aspect of the present invention, there is provided a lightweight vehicular bus secure communication system including:
the first control end, which is used for receiving the message data, parsing the message data code from the message data, and judging from the message data code whether the message data needs to be encrypted for transmission; if so, calculating the first counter accumulated number according to the message data code, generating a first session key from the message data code, the first counter accumulated number and a pre-stored key matrix, calculating first ciphertext data from the first session key and the data field through an encryption algorithm, combining the data field, the first counter accumulated number and the first ciphertext data into a data frame, and sending the data frame to the second control end;
and the second control end, which is used for receiving the data frame, the message data code and the first counter accumulated number, and computing the difference between the first counter accumulated number and a pre-stored second counter accumulated number; if the difference is within a preset range, assigning the first counter accumulated number to the second counter accumulated number, generating a second session key from the message data code, the second counter accumulated number and the pre-stored key matrix, calculating second ciphertext data from the second session key and the data field through the encryption algorithm, and comparing the second ciphertext data with the first ciphertext data; if the two are the same, decrypting the data frame to parse the message data into a message.
Further, the first control end and the second control end are both ECU nodes.
Further, in the first control end, the first session key is generated from the message data code, the first counter accumulated number and the pre-stored key matrix through a mapping algorithm;
and in the second control end, the second session key is generated from the message data code, the second counter accumulated number and the pre-stored key matrix through the mapping algorithm.
Compared with the prior art, the invention has the following advantages:
1. The secure communication method and the secure communication system of the lightweight vehicle-mounted bus judge from the message data code whether the message data needs to be encrypted for transmission; if so, a data frame is calculated and sent to the second control end, and the second control end verifies the data frame, so that the integrity of the data can be effectively verified and forgery attacks can be prevented.
2. The secure communication method and the secure communication system of the lightweight vehicle-mounted bus are based on the RC4 encryption algorithm, which is 10 times faster than the DES encryption algorithm, and on an HMAC-based identity authentication algorithm, so that identity authentication and data encryption are achieved while the performance overhead on the CAN bus is kept to a minimum.
3. The secure communication method and the secure communication system of the lightweight vehicle-mounted bus do not change the CAN protocol, are integrated entirely in the CAN application layer, and offer strong user extensibility.
Drawings
The invention is further illustrated by the following figures and examples.
FIG. 1 is a diagram of the steps of the lightweight vehicle bus secure communication method of the present invention;
FIG. 2 is a flowchart of ECU authentication;
FIG. 3 is a schematic diagram of ECU key matrix update;
FIG. 4 is a flow chart of ECU application data encryption transmission;
FIG. 5 is a block diagram of the lightweight vehicle bus secure communications system of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Fig. 1 is a step diagram of the lightweight vehicle-mounted bus secure communication method of the present invention. As shown in Fig. 1, the lightweight vehicle-mounted bus secure communication method provided by the present invention includes:
the first control end receives the message data, parses the message data code from the message data, and judges from the message data code whether the message data needs to be encrypted for transmission;
if so, the first control end calculates the first counter accumulated number according to the message data code, generates a first session key from the message data code, the first counter accumulated number and a pre-stored key matrix, calculates first ciphertext data from the first session key and the data field through an encryption algorithm, combines the data field, the first counter accumulated number and the first ciphertext data into a data frame, and sends the data frame to the second control end;
the second control end receives the data frame, the message data code and the first counter accumulated number, and computes the difference between the first counter accumulated number and a pre-stored second counter accumulated number; if the difference is within a preset range, it assigns the first counter accumulated number to the second counter accumulated number, generates a second session key from the message data code, the second counter accumulated number and the pre-stored key matrix, calculates second ciphertext data from the second session key and the data field through the encryption algorithm, and compares it with the first ciphertext data; if the two are the same, it decrypts the data frame to parse the message data into a message.
The first control end and the second control end are both ECU nodes.
The first session key is generated from the message data code, the first counter accumulated number and the pre-stored key matrix through a mapping algorithm; the second session key is generated from the message data code, the second counter accumulated number and the pre-stored key matrix through the same mapping algorithm.
The first ciphertext data is calculated through the encryption algorithm, from the first session key and the data field, by means of an HMAC algorithm; the second ciphertext data is calculated through the encryption algorithm, from the second session key and the data field, by means of the HMAC algorithm.
The lightweight vehicle-mounted bus secure communication method judges from the message data code whether the message data needs to be encrypted for transmission; if so, the data frame is calculated and sent to the second control end, and the second control end verifies the data frame.
The lightweight vehicle-mounted bus secure communication system does not change the CAN protocol, needs no hardware modification, is integrated entirely in the CAN application layer, and offers fast integration and strong user extensibility.
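The send and verify steps above, as an added Python example that is not part of the patent text. The key-matrix shape, the mapping algorithm, HMAC-SHA-256, the 4+1+3 byte frame split, the window of 8 and the message data code 0x2A0 are assumptions made for illustration; decryption of the data field is left out, and unlike the description the receiver here stores the new counter only after the tag verifies.

```python
import hashlib
import hmac
import struct

ROWS, COLS = 8, 8   # assumed key-matrix shape (not given in the description)
WINDOW = 8          # assumed "preset range": accept counters 1..8 ahead
DATA_LEN = 4        # assumed split of the 8-byte CAN payload:
TAG_LEN = 3         #   4-byte data field + 1-byte counter + 3-byte tag

# Constructed key matrix: ROWS x COLS cells of 4 bytes from a fixed demo seed.
KEY_MATRIX = [[hashlib.sha256(b"demo-matrix" + bytes([r, c])).digest()[:4]
               for c in range(COLS)] for r in range(ROWS)]


def session_key(msg_code: int, counter: int) -> bytes:
    """Hypothetical mapping algorithm: the message data code and counter
    select one cell per matrix row; the cells are concatenated."""
    sel = hashlib.sha256(struct.pack(">HB", msg_code, counter)).digest()
    return b"".join(KEY_MATRIX[r][sel[r] % COLS] for r in range(ROWS))


def frame_tag(msg_code: int, counter: int, data: bytes) -> bytes:
    """HMAC over the data field under the per-frame session key, truncated."""
    key = session_key(msg_code, counter)
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self):
        self.counters = {}   # message data code -> last counter sent

    def build_frame(self, msg_code: int, data: bytes) -> bytes:
        if len(data) != DATA_LEN:
            raise ValueError("data field must be %d bytes" % DATA_LEN)
        counter = (self.counters.get(msg_code, 0) + 1) & 0xFF
        self.counters[msg_code] = counter
        return data + bytes([counter]) + frame_tag(msg_code, counter, data)


class Receiver:
    def __init__(self):
        self.counters = {}   # message data code -> last counter accepted

    def accept(self, msg_code: int, frame: bytes):
        """Return the data field if the frame is fresh and authentic, else None."""
        if len(frame) != DATA_LEN + 1 + TAG_LEN:
            return None
        data, counter = frame[:DATA_LEN], frame[DATA_LEN]
        tag = frame[DATA_LEN + 1:]
        # Difference operation, taken modulo 256 so a wrapping counter still works.
        diff = (counter - self.counters.get(msg_code, 0)) & 0xFF
        if not 1 <= diff <= WINDOW:
            return None      # 0 is a replay; larger values are stale or too far ahead
        if not hmac.compare_digest(frame_tag(msg_code, counter, data), tag):
            return None      # forged or corrupted frame
        # Hardening choice in this example: the stored counter is updated only
        # after the tag verifies, so forged frames cannot move the window.
        self.counters[msg_code] = counter
        return data


def demo():
    """Run constructed frames through a sender/receiver pair."""
    tx, rx = Sender(), Receiver()
    code = 0x2A0                                  # constructed message data code
    first = tx.build_frame(code, b"\x01\x00\x00\x64")
    second = tx.build_frame(code, b"\x01\x00\x00\x65")
    tampered = bytes([second[0] ^ 0x80]) + second[1:]
    return {
        "fresh": rx.accept(code, first),
        "replayed": rx.accept(code, first),
        "tampered": rx.accept(code, tampered),
        "genuine_after_tamper": rx.accept(code, second),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With a 3-byte tag a blind forgery succeeds with probability 2^-24 per attempt, so the tag length is a trade-off against the 8-byte payload rather than a free choice.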
Specifically, there are various types of message data on the CAN bus, and messages differ in importance and therefore in their security requirements. Message data is accordingly classified, based on the message data code, into general messages, medium security level messages and high security level messages. To ensure information security while keeping cost in mind, different security protocols are used to protect different types of messages according to their importance. Since one ECU may process, that is, transmit or receive, messages of several security levels, it must be compatible with several security protocols. The division into security levels and security protocols is shown in Table 1 below.
TABLE 1: security level and security protocol division (an image in the original publication; its contents are not reproduced on this page)
When the ECU node receives the high security level message, first, the ECU node that needs to receive the message authenticates the ECU node that sends the message, so in the above lightweight vehicle-mounted bus secure communication method, after the first control end receives the message data, the method further includes: the first control terminal authenticates the second control terminal. The first control terminal authenticates the second control terminal specifically as follows:
the method comprises the steps that a first control end generates a first random number and a first counter accumulated number, a first authentication key is calculated according to the first counter accumulated number and an authentication message code, a first hash value is calculated according to the first random number and the first authentication key, a first result hash value is extracted from the first hash value, the first random number, the first counter accumulated number and the first result hash value form 8-byte authentication instruction data, and the 8-byte authentication instruction data are sent to a second control end;
the second control end receives 8 bytes of authentication instruction data, a second random number, a second counter accumulated number and a second result hash value are analyzed from the 8 bytes of authentication instruction data, a second authentication key is calculated according to the second counter accumulated number and the authentication message code, a second hash value is calculated according to the second random number and the second authentication key, a third result hash value is extracted from the second hash value and is compared with the analyzed second result hash value, and if the second result hash value is the same as the second result hash value, the verification is passed;
the second control end generates a third random number and a third counter cumulative number, a third authentication key is calculated according to the third counter cumulative number and the authentication message code, a third hash value is calculated according to the third random number and the third authentication key, a fourth result hash value is extracted from the third hash value, and the third random number, the third counter cumulative number and the fourth result hash value form 8 bytes of authentication response instruction data and are sent to the first control end;
the first control end receives 8 bytes of authentication response instruction data, analyzes a fourth random number, a fourth counter accumulated number and a fifth result hash value from the 8 bytes of authentication response instruction data, calculates a fourth authentication key according to the fourth counter accumulated number and the authentication message code, calculates a fourth hash value according to the fourth random number and the fourth authentication key, extracts a sixth result hash value from the fourth hash value, compares the sixth result hash value with the analyzed fifth result hash value, and if the sixth result hash value is the same as the fifth result hash value, the authentication is completed.
The first control end and the second control end are ECU nodes.
For example, the CAN bus identity authentication method is specifically implemented as follows: the first control end generates a first 3-byte random number and a first 1-byte counter accumulated number, a first authentication key is calculated according to the first 1-byte counter accumulated number and the authentication message code, a first hash value is calculated according to the first 3-byte random number and the first authentication key, a first 4-byte result hash value is extracted from the first hash value, and the first 3-byte random number, the first 1-byte counter accumulated number and the first 4-byte result hash value form 8-byte authentication instruction data and are sent to the second control end;
the second control end receives 8-byte authentication instruction data, a second 3-byte random number, a second 1-byte counter accumulated number and a second 4-byte result hash value are analyzed from the 8-byte authentication instruction data, a second authentication key is calculated according to the second 1-byte counter accumulated number and the authentication message code, a second hash value is calculated according to the second 3-byte random number and the second authentication key, a third 4-byte result hash value is extracted from the second hash value and is compared with the analyzed second 4-byte result hash value, and if the two hash values are the same, the verification is passed;
the second control end generates a third 3-byte random number and a third 1-byte counter accumulated number, a third authentication key is calculated according to the third 1-byte counter accumulated number and the authentication message code, a third hash value is calculated according to the third 3-byte random number and the third authentication key, a fourth 4-byte result hash value is extracted from the third hash value, and the third 3-byte random number, the third 1-byte counter accumulated number and the fourth 4-byte result hash value form 8-byte authentication response instruction data and are sent to the first control end;
the first control end receives 8-byte authentication response instruction data, analyzes a fourth 3-byte random number, a fourth 1-byte counter accumulated number and a fifth 4-byte result hash value from the 8-byte authentication response instruction data, calculates a fourth authentication key according to the fourth 1-byte counter accumulated number and the authentication message code, calculates a fourth hash value according to the fourth 3-byte random number and the fourth authentication key, extracts a sixth 4-byte result hash value from the fourth hash value, compares the sixth 4-byte result hash value with the analyzed fifth 4-byte result hash value, and completes authentication if the two hash values are the same.
The difference between the third counter accumulated number and the first counter accumulated number is 1. The first four bytes of the first hash value form the first result hash value, the first four bytes of the second hash value form the third result hash value, the first four bytes of the third hash value form the fourth result hash value, and the first four bytes of the fourth hash value form the sixth result hash value. A private mapping algorithm is used to calculate the first authentication key from the first counter accumulated number and the authentication message code, the second authentication key from the second counter accumulated number and the authentication message code, the third authentication key from the third counter accumulated number and the authentication message code, and the fourth authentication key from the fourth counter accumulated number and the authentication message code. The first random number and the third random number may both be vehicle power supply voltage values.
Specifically, an ECU (e.g., a power theft prevention system) with an authentication requirement may actively initiate identity authentication between ECUs, where the process of identity authentication between ECUs is shown in fig. 2:
A: generating authentication instruction data
The ECU initiating the authentication request generates a random value whose leading part is the random number R1 and whose last byte is the counter COUNT. Matrix coordinates are calculated from the authentication message ID and the counter COUNT by the private mapping algorithm f, i.e. f(COUNT, ID) = (x, y), where (x, y) denotes the matrix coordinates; the value at those coordinates is the authentication key K. The hash algorithm is performed on R1 | K, and the digest value is taken as the result hash. The transmitted authentication instruction data is composed of R1 | COUNT | hash (8 bytes total).
B: verifying authentication instruction data
The ECU that receives the authentication request extracts the random number R1 and the counter COUNT, obtains the matrix coordinates through the private mapping algorithm f(COUNT, ID), and obtains the authentication key K from the matrix coordinates. It performs the hash algorithm on R1 | K, takes the leading bytes of the digest value and compares them with the received hash. If they are the same, the verification passes; otherwise, the verification fails.
C: generating authentication response instruction data
After the ECU verifies that the authentication request passes, it generates a random number R2 and adds 1 to the counter COUNT to obtain COUNT1; the matrix coordinates are obtained through the private mapping algorithm f(COUNT1, ID), and the corresponding value is the authentication key K1. The hash algorithm is performed on R2 | K1, and the digest value is taken as the result hash1. The authentication response instruction data is composed of R2 | COUNT1 | hash1 (8 bytes total).
D: verifying authentication response instruction data
Same as procedure B.
Notably, the authentication process takes place after node initialization and before normal communication; authentication between ECU nodes is bidirectional; it is an authentication procedure based on the challenge-response (C-R) mechanism; and only inter-node communication that requires identity authentication needs to be authenticated.
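The exchange in steps A to D can be followed end to end in the added example below, which is not code from the patent. The key-matrix contents, the matrix size, the authentication message ID, the use of SHA-256 as the hash and the body of the mapping function f are all assumptions, since the text keeps the mapping private and names no hash.

```python
"""Added example: the A-D mutual authentication exchange with constructed values."""
import hashlib
import hmac
import secrets

AUTH_MSG_ID = 0x123   # constructed authentication message ID
MATRIX_DIM = 16       # assumed key-matrix size; the text does not give one


def make_key_matrix(seed: bytes):
    """Constructed stand-in for the key matrix both ECUs already hold."""
    return [[hashlib.sha256(seed + bytes([x, y])).digest()[:16]
             for y in range(MATRIX_DIM)] for x in range(MATRIX_DIM)]


def f(count: int, msg_id: int):
    """Placeholder for the private mapping algorithm f(COUNT, ID) = (x, y)."""
    d = hashlib.sha256(bytes([count]) + msg_id.to_bytes(2, "big")).digest()
    return d[0] % MATRIX_DIM, d[1] % MATRIX_DIM


def result_hash(r: bytes, key: bytes) -> bytes:
    """hash(R | K), keeping the first four bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(r + key).digest()[:4]


def build_auth_frame(matrix, count: int, r: bytes = None) -> bytes:
    """Steps A and C: R (3 bytes) | COUNT (1 byte) | hash (4 bytes)."""
    r = secrets.token_bytes(3) if r is None else r
    x, y = f(count, AUTH_MSG_ID)
    return r + bytes([count]) + result_hash(r, matrix[x][y])


def verify_auth_frame(matrix, frame: bytes):
    """Steps B and D: return COUNT if the hash matches, otherwise None."""
    if len(frame) != 8:
        return None
    r, count, received = frame[:3], frame[3], frame[4:]
    x, y = f(count, AUTH_MSG_ID)
    expected = result_hash(r, matrix[x][y])
    # Constant-time comparison of the truncated digests.
    return count if hmac.compare_digest(received, expected) else None


def mutual_auth(initiator_matrix, responder_matrix, count: int) -> bool:
    """Run A, B, C, D in order; True only if both directions verify."""
    request = build_auth_frame(initiator_matrix, count)          # A
    seen = verify_auth_frame(responder_matrix, request)          # B
    if seen is None:
        return False
    count1 = (seen + 1) & 0xFF   # COUNT1 = COUNT + 1; one-byte wrap is assumed
    response = build_auth_frame(responder_matrix, count1)        # C
    # D: same check as B, plus the stated counter difference of 1.
    return verify_auth_frame(initiator_matrix, response) == ((count + 1) & 0xFF)


if __name__ == "__main__":
    shared = make_key_matrix(b"constructed-matrix-seed")
    print("same matrix:", mutual_auth(shared, shared, 41))
    print("different matrix:", mutual_auth(shared, make_key_matrix(b"other"), 41))
```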
The ECU authentication method of the invention realizes login control of the key system and signature of the key data based on the identification authentication technology, can realize identity authentication of key operators and legality authentication of the key data, and has the characteristics of small memory space, high calculation speed, safety and reliability.
After the ECU nodes are authenticated, normal communication starts, and the communication security of the ECUs is provided jointly by the ECU key matrix and the counter. The key matrix and the counter are used to generate ECU communication session keys. The session key is used to encrypt the messages the ECU transmits and serves as protection against replay attacks. Before an ECU leaves the factory, an initial key matrix is delivered to it (or fixed in the ECU firmware); this matrix is the same for all ECUs and is used for single-unit ECU testing. The initial key matrix becomes invalid once the key matrix is updated when the automobile leaves the factory. The key matrix updating process is shown in fig. 3:
The TSP service platform sends a matrix issuing instruction containing a platform identification and a platform signature to the gateway through the TBOX terminal, and the gateway verifies the platform signature to authenticate the identity of the TSP service platform. If the platform signature passes verification, the gateway returns an instruction containing a vehicle signature and a vehicle identification to the TSP service platform, and the TSP service platform verifies the vehicle signature to authenticate the identity of the gateway. If the vehicle signature passes verification, the platform encrypts a random number with the vehicle public key, encrypts the matrix with the random number, and sends the result to the gateway. The gateway receives and decrypts the matrix, stores it and marks it as the new matrix; when the gateway is next started, it performs identity authentication with the ECU nodes and updates the matrix in the ECU nodes.
After the ECU nodes finish updating the matrix, communication between the ECUs can be carried out.
When the vehicle is running, the communication between the ECUs is performed with secure communication (including data verification and data encryption and decryption) based on a preset security algorithm and a negotiated key matrix, and the transmission flow of the messages with high security level is shown in fig. 4:
ECUi reads the Counter accumulated number corresponding to the message data code ID and increments it by 1; generates a session key SessionKey from the message data code ID, the Counter accumulated number and the prestored key matrix by a mapping algorithm; encrypts the data field with the session key and a preset encryption algorithm to obtain ciphertext data, for example calculating a MAC value with an HMAC algorithm; and combines the data field, the Counter and the MAC value into a frame, which it sends to ECUj. ECUj receives the combined frame and checks whether the error count of the message data in the combined frame exceeds a limit value, for example by checking whether the difference between the received Counter and its own Counter is within an allowable range; if so, the received Counter is assigned to its own Counter, and if not, the data frame is discarded and the exception is recorded and sent to the gateway. When the error count of the message data in the combined frame does not exceed the limit value, ECUj generates the session key SessionKey by the mapping algorithm from the message data code ID, the Counter accumulated number and the prestored key matrix and checks the MAC value; if the check passes, it decrypts the data frame and performs service processing, and if the check fails, it increments the error count.
The intermediate security level message transmission flow is similar to this, except that the message of the low security level is sent directly as a clear text message without encryption, i.e. the step shown by the dashed box in the figure is deleted. The structure of a frame of data (plaintext) is shown in table 2 below, and includes a data field, a counter, and an HMAC check code. To have a good anti-replay capability, the Counter should be no less than 1 byte. Note that different messages (different IDs) have independent counters, which the ECU needs to manage (read, update).
TABLE 2
Data (not more than 6 Byte) | Counter (not less than 1 Byte) | HMAC (1 Byte)
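The sender and receiver sides of the flow above, using the Table 2 layout with a 1-byte counter, are shown in the added example below, which is not code from the patent. The key-matrix contents, the mapping to a session key, the HMAC inputs (ID, Counter and encrypted data field, with SHA-256 truncated to 1 byte), the window size and the error limit are assumptions; RC4 is used because the text names it.

```python
"""Added example: Table 2 frame (Data | Counter | HMAC) with replay and error-count checks."""
import hashlib
import hmac

MATRIX_DIM = 16   # assumed key-matrix size
WINDOW = 8        # assumed allowable Counter difference
ERROR_LIMIT = 3   # assumed error-count limit


def make_key_matrix(seed):
    """Constructed stand-in for the prestored key matrix."""
    return [[hashlib.sha256(seed + bytes([x, y])).digest()[:16]
             for y in range(MATRIX_DIM)] for x in range(MATRIX_DIM)]


def session_key(matrix, msg_id, counter):
    """Placeholder mapping algorithm: (ID, Counter, matrix) -> SessionKey."""
    d = hashlib.sha256(msg_id.to_bytes(2, "big") + bytes([counter])).digest()
    cell = matrix[d[0] % MATRIX_DIM][d[1] % MATRIX_DIM]
    return hashlib.sha256(cell + d).digest()[:16]


def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def mac1(key, msg_id, counter, body):
    """1-byte HMAC check code over ID | Counter | encrypted data field (assumed inputs)."""
    msg = msg_id.to_bytes(2, "big") + bytes([counter]) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:1]


class Sender:
    def __init__(self, matrix):
        self.matrix, self.counters = matrix, {}   # one Counter per message ID

    def send(self, msg_id, data):
        if len(data) > 6:
            raise ValueError("data field is at most 6 bytes")
        c = (self.counters.get(msg_id, 0) + 1) & 0xFF
        self.counters[msg_id] = c
        key = session_key(self.matrix, msg_id, c)
        body = rc4(key, data)
        return body + bytes([c]) + mac1(key, msg_id, c, body)


class Receiver:
    def __init__(self, matrix):
        self.matrix = matrix
        self.counters, self.errors, self.reported = {}, {}, []

    def receive(self, msg_id, frame):
        """Return the decrypted data field, or None if the frame is dropped."""
        if self.errors.get(msg_id, 0) > ERROR_LIMIT:
            self.reported.append((msg_id, "error limit exceeded"))  # to the gateway
            return None
        if not 2 <= len(frame) <= 8:
            self.reported.append((msg_id, "bad length"))
            return None
        body, c, tag = frame[:-2], frame[-2], frame[-1:]
        # Difference modulo 256 so a 1-byte Counter may wrap; 0 means a replay.
        diff = (c - self.counters.get(msg_id, 0)) & 0xFF
        if not 1 <= diff <= WINDOW:
            self.reported.append((msg_id, "counter out of range"))
            return None
        key = session_key(self.matrix, msg_id, c)
        if not hmac.compare_digest(tag, mac1(key, msg_id, c, body)):
            self.errors[msg_id] = self.errors.get(msg_id, 0) + 1
            return None
        # This example stores the Counter only after the MAC verifies, so an
        # unauthenticated frame cannot move the window; the text assigns it
        # at the range check.
        self.counters[msg_id] = c
        return rc4(key, body)
```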
The lightweight vehicle-mounted bus secure communication method is based on the RC4 encryption algorithm, which is 10 times faster than the DES encryption algorithm, and on the HMAC identity authentication algorithm, so that identity authentication and data encryption are realized while the performance consumption of the CAN bus is reduced to the minimum.
For simplicity of explanation, the method embodiments are described as a series of acts or combinations of acts, but those skilled in the art will appreciate that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the embodiments of the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments and that the acts involved are not necessarily required by the invention.
Fig. 5 is a block diagram of a lightweight vehicle-mounted bus secure communication system according to the present invention, and as shown in fig. 5, the lightweight vehicle-mounted bus secure communication system according to the present invention includes:
the first control end is used for receiving the message data, analyzing the message data codes from the message data, judging whether the message data needs to be encrypted for transmission according to the message data codes, if so, calculating the accumulated number of a first counter according to the message data codes, generating a first session key according to the message data codes, the accumulated number of the first counter and a prestored key matrix, calculating first ciphertext data according to the first session key and the data field through an encryption algorithm, combining the data field, the accumulated number of the first counter and the first ciphertext data into a data frame, and sending the data frame to the second control end;
and the second control terminal is used for receiving the data frame, the message data code and the first counter accumulated number, performing difference operation on the first counter accumulated number and a prestored second counter accumulated number, if the difference value is within a preset range, assigning the first counter accumulated number to the second counter accumulated number, generating a second session key according to the message data code, the second counter accumulated number and a prestored key matrix, calculating second ciphertext data through an encryption algorithm according to the second session key and the data field, comparing the second ciphertext data with the first ciphertext data, and if the second ciphertext data and the first ciphertext data are the same, decrypting the data frame to analyze the message data into a message.
The first control end and the second control end are both ECU nodes.
Further, in the first control terminal, a first session key is generated according to the message data coding, the first counter cumulative number and a prestored key matrix through a mapping algorithm;
and in the second control terminal, generating a second session key according to the message data coding, the second counter accumulation and the prestored key matrix through a mapping algorithm.
The lightweight vehicle-mounted bus safety communication system judges whether the message data needs to be encrypted for transmission according to the message data codes, if so, the data frame is calculated and sent to the second control end, and the second control end verifies the data frame.
The lightweight vehicle-mounted bus secure communication system is based on the RC4 encryption algorithm, which is 10 times faster than the DES encryption algorithm, and on the HMAC identity authentication algorithm, so that identity authentication and data encryption are realized while the performance consumption of the CAN bus is reduced to the minimum.
The lightweight vehicle-mounted bus safety communication system does not change the CAN protocol, does not need hardware transformation, is completely integrated in the CAN application layer, and has high integration speed and strong user expandability.
For the system embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A lightweight vehicular bus secure communication method is characterized by comprising the following steps:
the first control terminal receives the message data, analyzes the message data code from the message data, and judges whether the message data needs to be encrypted for transmission according to the message data code;
if so, the first control end calculates the accumulated number of the first counter according to the message data code, generates a first session key according to the message data code, the accumulated number of the first counter and a prestored key matrix, calculates first ciphertext data according to the first session key and the data field through an encryption algorithm using an HMAC algorithm, combines the data field, the accumulated number of the first counter and the first ciphertext data into a data frame, and sends the data frame to the second control end;
the second control end receives the data frame, the message data code and the first counter accumulated number, and performs a difference operation on the first counter accumulated number and a prestored second counter accumulated number; if the difference value is within a preset range, the first counter accumulated number is assigned to the second counter accumulated number, a second session key is generated according to the message data code, the second counter accumulated number and a prestored key matrix, second ciphertext data is calculated according to the second session key and the data field through an encryption algorithm using an HMAC algorithm and is compared with the first ciphertext data, and if the two are the same, the data frame is decrypted to analyze the message data into a message;
the first control end and the second control end are both ECU nodes.
2. The lightweight vehicular bus secure communication method according to claim 1, wherein a first session key is generated by a mapping algorithm according to a message data encoding, a first counter accumulation number and a pre-stored key matrix;
and generating a second session key according to the message data encoding, the second counter accumulated number and the prestored key matrix through a mapping algorithm.
3. The lightweight vehicular bus secure communication method according to claim 1, wherein after the first control end receives the message data, the method further comprises: the first control terminal authenticates the second control terminal.
4. The lightweight vehicular bus secure communication method according to claim 3, wherein the first control terminal authenticates the second control terminal specifically as follows:
the method comprises the steps that a first control end generates a first random number and a first counter accumulated number, a first authentication key is calculated according to the first counter accumulated number and an authentication message code, a first hash value is calculated according to the first random number and the first authentication key, a first result hash value is extracted from the first hash value, the first random number, the first counter accumulated number and the first result hash value form 8-byte authentication instruction data, and the 8-byte authentication instruction data are sent to a second control end;
the second control end receives 8 bytes of authentication instruction data, a second random number, a second counter accumulated number and a second result hash value are analyzed from the 8 bytes of authentication instruction data, a second authentication key is calculated according to the second counter accumulated number and the authentication message code, a second hash value is calculated according to the second random number and the second authentication key, a third result hash value is extracted from the second hash value and is compared with the analyzed second result hash value, and if the third result hash value is the same as the second result hash value, the verification is passed;
the second control end generates a third random number and a third counter cumulative number, a third authentication key is calculated according to the third counter cumulative number and the authentication message code, a third hash value is calculated according to the third random number and the third authentication key, a fourth result hash value is extracted from the third hash value, and the third random number, the third counter cumulative number and the fourth result hash value form 8 bytes of authentication response instruction data and are sent to the first control end;
the first control end receives 8 bytes of authentication response instruction data, analyzes a fourth random number, a fourth counter accumulated number and a fifth result hash value from the 8 bytes of authentication response instruction data, calculates a fourth authentication key according to the fourth counter accumulated number and the authentication message code, calculates a fourth hash value according to the fourth random number and the fourth authentication key, extracts a sixth result hash value from the fourth hash value, compares the sixth result hash value with the analyzed fifth result hash value, and if the sixth result hash value is the same as the fifth result hash value, the authentication is completed.
5. The lightweight vehicular bus secure communication method according to claim 4, further comprising: the key matrix is updated.
6. A lightweight vehicle bus secure communications system, comprising:
the first control end is used for receiving the message data, analyzing the message data codes from the message data, judging whether the message data needs to be encrypted for transmission according to the message data codes, if so, calculating the accumulated number of a first counter according to the message data codes, generating a first session key according to the message data codes, the accumulated number of the first counter and a prestored key matrix, calculating first ciphertext data according to the first session key and a data domain through an HMAC algorithm through an encryption algorithm, combining the data domain, the accumulated number of the first counter and the first ciphertext data into a data frame, and sending the data frame to the second control end;
the second control end is used for receiving the data frame, the message data code and the first counter accumulated number, performing difference operation on the first counter accumulated number and a prestored second counter accumulated number, if the difference value is within a preset range, assigning the first counter accumulated number to the second counter accumulated number, generating a second session key according to the message data code, the second counter accumulated number and a prestored key matrix, calculating second ciphertext data through an HMAC algorithm according to the second session key and a data field through an encryption algorithm, comparing the second ciphertext data with the first ciphertext data, and if the second ciphertext data and the first ciphertext data are the same, decrypting the data frame to analyze the message data into a message;
the first control end and the second control end are both ECU nodes.
7. The lightweight vehicular bus secure communication system according to claim 6, wherein in the first control terminal, a first session key is generated by a mapping algorithm according to the message data encoding, the first counter accumulation and a pre-stored key matrix;
and in the second control terminal, generating a second session key according to the message data coding, the second counter accumulation and the prestored key matrix through a mapping algorithm.
CN201910112618.XA 2019-02-13 2019-02-13 Lightweight vehicle-mounted bus secure communication method and system Active CN109672538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910112618.XA CN109672538B (en) 2019-02-13 2019-02-13 Lightweight vehicle-mounted bus secure communication method and system

Publications (2)

Publication Number Publication Date
CN109672538A (en) 2019-04-23
CN109672538B (en) 2021-08-27

Family

ID=66151258

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Luo Yanjing; Liu Peng
Inventor before: Luo Yanjing
GR01 Patent grant
CP03 Change of name, title or address
Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089
Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.
Address before: 100080 room 1505, 15 / F, block B, 3 Haidian Street, Haidian District, Beijing
Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.
CP03 Change of name, title or address